HP Printer Firmware Vulnerability Update

  • Team Omega
  • February 22, 2012

If you have HP printers in your environment, be aware that some of them will allow a hacker to reload the firmware with instructions of their choosing.  These instructions can be used to perform very undesirable operations on your network once they are loaded on your printer.   Remember that your printers are typically behind your firewall(s,) where hackers want to run their instructions.  

The problem has to do with some HP printers not validating the origin of remote firmware updates.  Hence, a user can easily and mistakenly download firmware from any site, and apply updates that look like a normal printer firmware updates provided by the manufacturer.  But, the updates can actually be authored by hackers.    

Always be sure you are on an official HP site before updating your HP printer firmware, especially if you are prompted to do so from some non-HP site you are browsing, and keep abreast of official future updates from HP to prevent an attack that may leverage this dangerous vulnerability.